CVE-2020-10364

HIGH

MikroTik RouterOS <= 6.44.3 - Denial of Service via SSH Daemon Resource Exhaustion

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-10364. PoCs published by FarazPajohan.

AI-analyzed exploit summary This exploit demonstrates an uncontrolled resource consumption vulnerability in MikroTik SSH daemon (v6.44.3 and earlier) by establishing multiple connections and writing null bytes, leading to a denial of service (DoS) via SIGPIPE signal and potential system reboot.

Description

The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management.

Exploits (1)

exploitdb WORKING POC
by FarazPajohan · textdoshardware
https://www.exploit-db.com/exploits/48228

This exploit demonstrates an uncontrolled resource consumption vulnerability in MikroTik SSH daemon (v6.44.3 and earlier) by establishing multiple connections and writing null bytes, leading to a denial of service (DoS) via SIGPIPE signal and potential system reboot.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: MikroTik RouterOS SSH Daemon through v6.44.3
No auth needed
Prerequisites: network access to the target SSH port · ability to establish multiple concurrent connections
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Mitigation, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/48228
Exploit, Mitigation, Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/156790/Microtik-SSH-Daemon-6.44.3-Denial-Of-Service.html

Scores

CVSS v3 7.5
EPSS 0.0259
EPSS Percentile 83.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-770
Status published
Products (1)
mikrotik/routeros < 6.44.3
Published Mar 23, 2020
Tracked Since Feb 18, 2026